HTML/Phish.EQ


Joined
Dec 20, 2015
Messages
35
Reaction score
4
I have a problem that started yesterday. My
System Mechanic anti virus started catching
HTML/Phish.EQ. I get it with IE, EDGE, Google
but not with Google Chrome whenever I
select a sign on screen. I tried to follow the
path that my anti virus says it is on but I cannot
follow it to the end. Does anyone know
how I can get rid of this permanently?
 
Ad

Advertisements

Joined
May 6, 2015
Messages
2,526
Reaction score
405
Sounds like the sort of thing that MalwareBytes will find or the Microsoft Malicious software removal tool ( mrt.exe)

You could post the path that leads to this thing.
 
Joined
Dec 20, 2015
Messages
35
Reaction score
4
Sounds like the sort of thing that MalwareBytes will find or the Microsoft Malicious software removal tool ( mrt.exe)

You could post the path that leads to this thing.
c:\users\joe'spc\appdata\local\microsoft\windows\inetcache\low\ie.ip7881zu\servicelogin[1].htm
 
Joined
Dec 20, 2015
Messages
35
Reaction score
4
I ran malwarebytes and MRT.exe. Neither of them showed any infections. Also the path changes depending which browser I am using.
 

Trouble

Noob Whisperer
Moderator
Joined
Nov 19, 2013
Messages
12,905
Reaction score
2,174
Try these four
JRT (Junkware Removal Tool) from here http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/
ADWcleaner from here http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
RogueKiller from here http://www.bleepingcomputer.com/download/roguekiller/
Norton Power Eraser from here https://security.symantec.com/nbrt/npe.aspx
In that order and then finish up by running
ESET Online Scanner from here http://www.eset.com/us/online-scanner/
Eset online scanner is a bit different than the others in that you need to either use
IE or download and run their smart installer if you're using another browser. Then tick
the radio button that says "Enable detection of potentiall unwanted application"
Then click the link that says "Advanced settings", then check all the boxes except the
one that mentions "Use custom proxy settings", unless of course you're using a Proxy
Server. Then just click "Start", it will do a thorough system scan so it takes a long
time.
 
Joined
Jun 5, 2016
Messages
9
Reaction score
0
I have a problem that started yesterday. My
System Mechanic anti virus started catching
HTML/Phish.EQ. I get it with IE, EDGE, Google
but not with Google Chrome whenever I
select a sign on screen. I tried to follow the
path that my anti virus says it is on but I cannot
follow it to the end. Does anyone know
how I can get rid of this permanently?
I too just started having this issue. Fortunately (and unfortunately) System Mechanic stops this HTML/Phish.EQ (Password Stealer) before it infects the computer so when full scans are done, it does not show up as being infected.
 
Ad

Advertisements

Joined
Jun 5, 2016
Messages
9
Reaction score
0
Try these four
JRT (Junkware Removal Tool) from here http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/
ADWcleaner from here http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
RogueKiller from here http://www.bleepingcomputer.com/download/roguekiller/
Norton Power Eraser from here https://security.symantec.com/nbrt/npe.aspx
In that order and then finish up by running
ESET Online Scanner from here http://www.eset.com/us/online-scanner/
Well, I did all you suggested except for the ESET Online Scanner. Unfortunately, I can't purchase that program at this time and that site does not offer a free scan like the others.

As for the HTML/Phish.EQ infection, it still attempts to install but lucky for me (I guess) System Mechanic Professional (Real-Time protection) seems to grab it and quarantine it the moment I go to google gmail.com website and before I enter my information to log in and check my emails. I don't use Chrome because I really don't care for Google products other than their email part and only because I've been using them for almost 14 years. I hate the thought of having to establish a new online email address with someone else as I do not use the mail service provided by my internet service provider.

Any more ideas about this issue?
 
Last edited:
Joined
Jun 5, 2016
Messages
9
Reaction score
0
Yes it does, it's a free one time scanner
http://www.eset.com/us/online-scanner/
The one on the left that says "SCAN NOW"

View attachment 3117
okay will go try that one .. that's not the webpage I get when clicking on your link. Could that be because I am using Microsoft Edge as my browser?

okay, your link sends me to the webpage for MAC users..LoL. I did get there eventually and am doing the scan now. Will be back afterwards to let you know the outcome. Thank you so much for your help with this.
 
Last edited:

Trouble

Noob Whisperer
Moderator
Joined
Nov 19, 2013
Messages
12,905
Reaction score
2,174
Could that be because I am using Microsoft Edge as my browser?
Perhaps. Try using IE instead
Start button, all apps, windows accessories, internet explorer
See if that makes a difference.
 
Joined
Jun 5, 2016
Messages
9
Reaction score
0
Perhaps. Try using IE instead
Start button, all apps, windows accessories, internet explorer
See if that makes a difference.
okay, your link sends me to the webpage for MAC users..LoL. I did get there eventually and am doing the scan now. Will be back afterwards to let you know the outcome. Thank you so much for your help with this. I'm thinking of deleting IE since I've gotten use to Microsoft Edge. :)
 
Ad

Advertisements

Joined
Dec 20, 2015
Messages
35
Reaction score
4
Try these four
JRT (Junkware Removal Tool) from here http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/
ADWcleaner from here http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
RogueKiller from here http://www.bleepingcomputer.com/download/roguekiller/
Norton Power Eraser from here https://security.symantec.com/nbrt/npe.aspx
In that order and then finish up by running
ESET Online Scanner from here http://www.eset.com/us/online-scanner/
The Junkware Removal Tool did the trick.

Successfully deleted: C:\ProgramData\Start Menu\Programs\search.lnk (Shortcut)
Successfully deleted: C:\WINDOWS\prefetch\PWFREE91.TMP-BCD2FAB9.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\PWFREE91.TMP-C58AB07F.pf (File)

Once they were deleted I am no longer get the error. Thanks!
 

Trouble

Noob Whisperer
Moderator
Joined
Nov 19, 2013
Messages
12,905
Reaction score
2,174
You're welcome.
Often these things cannot be defeated with one or even two utilities. It often takes a multi-pronged approach and even then it can still be difficult to target.
By the way, JRT is a product produced by Malwarebytes, the same tool you mentioned using earlier. It just uses a different approach to get to the same end.
I use as many as a dozen of such utilities including Combofix, SuperAntiSpyware, Hitman Pro and others and I've found sometimes one will catch something that another misses for some reason.
I always leave Eset Online Scanner for last and if I get a clean bill of health from it, I feel pretty confident that the computer is clean (ignoring of course anything it might find in the other tool's quarantine folders).
 
Joined
Jun 5, 2016
Messages
9
Reaction score
0
You're welcome.
Often these things cannot be defeated with one or even two utilities. It often takes a multi-pronged approach and even then it can still be difficult to target.
By the way, JRT is a product produced by Malwarebytes, the same tool you mentioned using earlier. It just uses a different approach to get to the same end.
I use as many as a dozen of such utilities including Combofix, SuperAntiSpyware, Hitman Pro and others and I've found sometimes one will catch something that another misses for some reason.
I always leave Eset Online Scanner for last and if I get a clean bill of health from it, I feel pretty confident that the computer is clean (ignoring of course anything it might find in the other tool's quarantine folders).
Well, I'm back and for about 5 hours it was gone. I took a nap and when I logged in just now and went to gmail.com to check my emails ... System Mechanic threw up the alert that it blocked and quarantined the Phish.EQ. So now I'm frustrated again .. LoL.
 

Trouble

Noob Whisperer
Moderator
Joined
Nov 19, 2013
Messages
12,905
Reaction score
2,174
I've found that when reinfection seems to keep happening even after a thorough cleaning, apparently leaving the machine free of malware, that it can sometimes hide in System Restore points and or use Schedule Tasks to recall the malware. These types of infections can be very difficult to get rid of because some scheduled tasks are or can be actually hidden from the normal Task Scheduler viewer.
There are other tools such as Farbar Recovery Scan Tool as well as a couple others that can help with these types of infections but they are not utilities can normally be used without proper instructions from qualified users.
I was just reading about what Microsoft has to say about your infection
https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=PWS:HTML/Phish.EQ
This threat can steal your personal information, such as your user names and passwords. It sends the stolen information to a malicious hacker.
But not a lot of info as to what to do next, except running a scan with Defender and Microsoft Safety Scanner
 
Joined
Jun 5, 2016
Messages
9
Reaction score
0
I was just reading about what Microsoft has to say about your infection
https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=PWS:HTML/Phish.EQ

But not a lot of info as to what to do next, except running a scan with Defender and Microsoft Safety Scanner
Okay, I will try that. This is making me crazy. I only go to specific websites that I have been using for years so it has me scratching my head as to why all of a sudden when I go to the google gmail website, I get this problem.
 
Ad

Advertisements

Joined
Jun 5, 2016
Messages
9
Reaction score
0
I'm back .. LoL. I ran Defender and Microsoft Safety Scanner and they found nothing. I'm a tad bit afraid to go to the gmail.com website at the moment. Which also means I can't get to my email either. What I am wondering now is if this issue has something to do with System Mechanic Professional by Iolo. Should I get a different antivirus/spyware program? I've used System Mechanic for about 8 years now and they seem pretty much on top of things. But then again, I used to use AVG (for about 8 years too) and a disgruntled ex-employee attached a virus to the updating definitions. What a whirlwind that was.
 
Last edited:

Trouble

Noob Whisperer
Moderator
Joined
Nov 19, 2013
Messages
12,905
Reaction score
2,174
Not sure what to tell you, short of involving an expert in this type of matter I'm not sure what else I could suggest.
There are forums that semi-specialize in these things, like Bleeping Computer. They have some excellent folks over there who are definitely experts at beating up on malware.
You might give them a try and see if they can be of more help. I really wish I could help you further but we aren't really that type of forum and have a more broader and general focus and you need some targeted specific help that I simply cannot provide and I would really like to see you get it.
 
Ad

Advertisements

Joined
Feb 18, 2016
Messages
2,834
Reaction score
624
If you have Malwarebytes Premium click on support and they will assign a tech to assist you each step of the process. They too run Farbar and JRT also will ask you uninstall and do a clean install of Mambam. Make sure you take note of Mabam's ID key and Identifier for installation.
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top